generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Remove export static DH ciphersuites

Browse Source 
Remove support for the two export grade static DH ciphersuites. These two
ciphersuites were newly added (along with a number of other static DH
ciphersuites) to 1.0.2. However the two export ones have *never* worked
since they were introduced. It seems strange in any case to be adding new
export ciphersuites, and given "logjam" it also does not seem correct to
fix them.

Reviewed-by: Richard Levitte <levitte@openssl.org>
This commit is contained in:
Matt Caswell 2015-05-22 13:33:19 +01:00
parent efee575ad4
commit 13f8eb4730
3 changed files with 10 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
CHANGES
View File

@ -9,6 +9,14 @@
not well tested). Therefore the OPENSSL_NO_TLSEXT option has been removed. not well tested). Therefore the OPENSSL_NO_TLSEXT option has been removed.
[Matt Caswell] [Matt Caswell]
*) Removed support for the two export grade static DH ciphersuites
EXP-DH-RSA-DES-CBC-SHA and EXP-DH-DSS-DES-CBC-SHA. These two ciphersuites
were newly added (along with a number of other static DH ciphersuites) to
1.0.2. However the two export ones have *never* worked since they were
introduced. It seems strange in any case to be adding new export
ciphersuites, and given "logjam" it also does not seem correct to fix them.
[Matt Caswell]
*) Version negotiation has been rewritten. In particular SSLv23_method(), *) Version negotiation has been rewritten. In particular SSLv23_method(),
SSLv23_client_method() and SSLv23_server_method() have been deprecated, SSLv23_client_method() and SSLv23_server_method() have been deprecated,
and turned into macros which simply call the new preferred function names and turned into macros which simply call the new preferred function names

2
doc/apps/ciphers.pod
View File

@ -365,10 +365,8 @@ e.g. DES-CBC3-SHA. In these cases, RSA authentication is used.
SSL_RSA_WITH_DES_CBC_SHA DES-CBC-SHA SSL_RSA_WITH_DES_CBC_SHA DES-CBC-SHA
SSL_RSA_WITH_3DES_EDE_CBC_SHA DES-CBC3-SHA SSL_RSA_WITH_3DES_EDE_CBC_SHA DES-CBC3-SHA
SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA EXP-DH-DSS-DES-CBC-SHA
SSL_DH_DSS_WITH_DES_CBC_SHA DH-DSS-DES-CBC-SHA SSL_DH_DSS_WITH_DES_CBC_SHA DH-DSS-DES-CBC-SHA
SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA DH-DSS-DES-CBC3-SHA SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA DH-DSS-DES-CBC3-SHA
SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-DH-RSA-DES-CBC-SHA
SSL_DH_RSA_WITH_DES_CBC_SHA DH-RSA-DES-CBC-SHA SSL_DH_RSA_WITH_DES_CBC_SHA DH-RSA-DES-CBC-SHA
SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA DH-RSA-DES-CBC3-SHA SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA DH-RSA-DES-CBC3-SHA
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA EXP-DHE-DSS-DES-CBC-SHA SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA EXP-DHE-DSS-DES-CBC-SHA

4
ssl/s3_lib.c
View File

@ -330,7 +330,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
/* The DH ciphers */ /* The DH ciphers */
/* Cipher 0B */ /* Cipher 0B */
{ {
1, 0,
SSL3_TXT_DH_DSS_DES_40_CBC_SHA, SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
SSL3_CK_DH_DSS_DES_40_CBC_SHA, SSL3_CK_DH_DSS_DES_40_CBC_SHA,
SSL_kDHd, SSL_kDHd,
@ -378,7 +378,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
/* Cipher 0E */ /* Cipher 0E */
{ {
1, 0,
SSL3_TXT_DH_RSA_DES_40_CBC_SHA, SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
SSL3_CK_DH_RSA_DES_40_CBC_SHA, SSL3_CK_DH_RSA_DES_40_CBC_SHA,
SSL_kDHr, SSL_kDHr,